Wed Dec 26 08:59:41 2018 UTC ()
Add ATF for ipsecif(4) which connect to two peers in the same NAPT.


(knakahara)
diff -r1.1 -r1.2 src/tests/net/if_ipsec/t_ipsec_natt.sh
cvs diff -r1.1 -r1.2 src/tests/net/if_ipsec/t_ipsec_natt.sh (expand / switch to unified diff)

--- src/tests/net/if_ipsec/t_ipsec_natt.sh 2018/12/25 03:54:44 1.1
+++ src/tests/net/if_ipsec/t_ipsec_natt.sh 2018/12/26 08:59:41 1.2
@@ -1,56 +1,59 @@ @@ -1,56 +1,59 @@
1# $NetBSD: t_ipsec_natt.sh,v 1.1 2018/12/25 03:54:44 knakahara Exp $ 1# $NetBSD: t_ipsec_natt.sh,v 1.2 2018/12/26 08:59:41 knakahara Exp $
2# 2#
3# Copyright (c) 2018 Internet Initiative Japan Inc. 3# Copyright (c) 2018 Internet Initiative Japan Inc.
4# All rights reserved. 4# All rights reserved.
5# 5#
6# Redistribution and use in source and binary forms, with or without 6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions 7# modification, are permitted provided that the following conditions
8# are met: 8# are met:
9# 1. Redistributions of source code must retain the above copyright 9# 1. Redistributions of source code must retain the above copyright
10# notice, this list of conditions and the following disclaimer. 10# notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright 11# 2. Redistributions in binary form must reproduce the above copyright
12# notice, this list of conditions and the following disclaimer in the 12# notice, this list of conditions and the following disclaimer in the
13# documentation and/or other materials provided with the distribution. 13# documentation and/or other materials provided with the distribution.
14# 14#
15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 18# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25# POSSIBILITY OF SUCH DAMAGE. 25# POSSIBILITY OF SUCH DAMAGE.
26# 26#
27 27
28SOCK_LOCAL=unix://ipsec_natt_local 28SOCK_LOCAL_A=unix://ipsec_natt_local_a
 29SOCK_LOCAL_B=unix://ipsec_natt_local_b
29SOCK_NAT=unix://ipsec_natt_nat 30SOCK_NAT=unix://ipsec_natt_nat
30SOCK_REMOTE=unix://ipsec_natt_remote 31SOCK_REMOTE=unix://ipsec_natt_remote
31BUS_LOCAL=./bus_ipsec_natt_local 32BUS_LOCAL=./bus_ipsec_natt_local
32BUS_NAT=./bus_ipsec_natt_nat 33BUS_NAT=./bus_ipsec_natt_nat
33 34
34DEBUG=${DEBUG:-false} 35DEBUG=${DEBUG:-false}
35HIJACKING_NPF="${HIJACKING},blanket=/dev/npf" 36HIJACKING_NPF="${HIJACKING},blanket=/dev/npf"
36 37
37setup_servers() 38setup_servers()
38{ 39{
39 40
40 rump_server_crypto_start $SOCK_LOCAL netipsec ipsec 41 rump_server_crypto_start $SOCK_LOCAL_A netipsec ipsec
 42 rump_server_crypto_start $SOCK_LOCAL_B netipsec ipsec
41 rump_server_npf_start $SOCK_NAT 43 rump_server_npf_start $SOCK_NAT
42 rump_server_crypto_start $SOCK_REMOTE netipsec ipsec 44 rump_server_crypto_start $SOCK_REMOTE netipsec ipsec
43 rump_server_add_iface $SOCK_LOCAL shmif0 $BUS_LOCAL 45 rump_server_add_iface $SOCK_LOCAL_A shmif0 $BUS_LOCAL
 46 rump_server_add_iface $SOCK_LOCAL_B shmif0 $BUS_LOCAL
44 rump_server_add_iface $SOCK_NAT shmif0 $BUS_LOCAL 47 rump_server_add_iface $SOCK_NAT shmif0 $BUS_LOCAL
45 rump_server_add_iface $SOCK_NAT shmif1 $BUS_NAT 48 rump_server_add_iface $SOCK_NAT shmif1 $BUS_NAT
46 rump_server_add_iface $SOCK_REMOTE shmif0 $BUS_NAT 49 rump_server_add_iface $SOCK_REMOTE shmif0 $BUS_NAT
47} 50}
48 51
49setup_ipsecif() 52setup_ipsecif()
50{ 53{
51 local sock=$1 54 local sock=$1
52 local ifid=$2 55 local ifid=$2
53 local src_ip=$3 56 local src_ip=$3
54 local src_port=$4 57 local src_port=$4
55 local dst_ip=$5 58 local dst_ip=$5
56 local dst_port=$6 59 local dst_port=$6
@@ -283,130 +286,211 @@ check_tcp_com_over_ipsecif() @@ -283,130 +286,211 @@ check_tcp_com_over_ipsecif()
283 extract_new_packets $bus > $outfile 286 extract_new_packets $bus > $outfile
284 $DEBUG && cat $outfile 287 $DEBUG && cat $outfile
285 atf_check -s exit:0 \ 288 atf_check -s exit:0 \
286 -o match:"${nat_from_ip}\.$nat_from_port > ${nat_to_ip}\.${nat_to_port}: UDP-encap" \ 289 -o match:"${nat_from_ip}\.$nat_from_port > ${nat_to_ip}\.${nat_to_port}: UDP-encap" \
287 cat $outfile 290 cat $outfile
288 atf_check -s exit:0 \ 291 atf_check -s exit:0 \
289 -o match:"${nat_to_ip}\.${nat_to_port} > ${nat_from_ip}\.${nat_from_port}: UDP-encap" \ 292 -o match:"${nat_to_ip}\.${nat_to_port} > ${nat_from_ip}\.${nat_from_port}: UDP-encap" \
290 cat $outfile 293 cat $outfile
291} 294}
292 295
293test_ipsecif_natt_transport() 296test_ipsecif_natt_transport()
294{ 297{
295 local algo=$1 298 local algo=$1
296 local ip_local=192.168.0.2 299 local ip_local_a=192.168.0.2
 300 local ip_local_b=192.168.0.3
297 local ip_nat_local=192.168.0.1 301 local ip_nat_local=192.168.0.1
298 local ip_nat_remote=10.0.0.1 302 local ip_nat_remote=10.0.0.1
299 local ip_remote=10.0.0.2 303 local ip_remote=10.0.0.2
300 local subnet_local=192.168.0.0 304 local subnet_local=192.168.0.0
301 local ip_local_ipsecif=172.16.100.1 305 local ip_local_ipsecif_a=172.16.100.1
302 local ip_remote_ipsecif=172.16.10.1 306 local ip_local_ipsecif_b=172.16.110.1
 307 local ip_remote_ipsecif_a=172.16.10.1
 308 local ip_remote_ipsecif_b=172.16.11.1
303 309
304 local npffile=./npf.conf 310 local npffile=./npf.conf
305 local file_send=./file.send 311 local file_send=./file.send
306 local algo_args="$(generate_algo_args esp-udp $algo)" 312 local algo_args="$(generate_algo_args esp-udp $algo)"
307 local pid= port= 313 local pid= port_a= port_b=
308 314
309 setup_servers 315 setup_servers
310 316
311 export RUMP_SERVER=$SOCK_LOCAL 317 export RUMP_SERVER=$SOCK_LOCAL_A
312 atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0 318 atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
313 atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24 319 atf_check -s exit:0 rump.ifconfig shmif0 $ip_local_a/24
 320 atf_check -s exit:0 -o ignore \
 321 rump.route -n add default $ip_nat_local
 322
 323 export RUMP_SERVER=$SOCK_LOCAL_B
 324 atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
 325 atf_check -s exit:0 rump.ifconfig shmif0 $ip_local_b/24
314 atf_check -s exit:0 -o ignore \ 326 atf_check -s exit:0 -o ignore \
315 rump.route -n add default $ip_nat_local 327 rump.route -n add default $ip_nat_local
316 328
317 export RUMP_SERVER=$SOCK_NAT 329 export RUMP_SERVER=$SOCK_NAT
318 atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0 330 atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
319 atf_check -s exit:0 rump.ifconfig shmif0 $ip_nat_local/24 331 atf_check -s exit:0 rump.ifconfig shmif0 $ip_nat_local/24
320 atf_check -s exit:0 rump.ifconfig shmif1 $ip_nat_remote/24 332 atf_check -s exit:0 rump.ifconfig shmif1 $ip_nat_remote/24
321 atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.forwarding=1 333 atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.forwarding=1
322 334
323 export RUMP_SERVER=$SOCK_REMOTE 335 export RUMP_SERVER=$SOCK_REMOTE
324 atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0 336 atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
325 atf_check -s exit:0 rump.ifconfig shmif0 $ip_remote/24 337 atf_check -s exit:0 rump.ifconfig shmif0 $ip_remote/24
326 atf_check -s exit:0 -o ignore \ 338 atf_check -s exit:0 -o ignore \
327 rump.route -n add -net $subnet_local $ip_nat_remote 339 rump.route -n add -net $subnet_local $ip_nat_remote
328 340
329 # There is no NAT/NAPT. ping should just work. 341 # There is no NAT/NAPT. ping should just work.
330 check_ping_packets $SOCK_LOCAL $BUS_NAT $ip_local $ip_remote 342 check_ping_packets $SOCK_LOCAL_A $BUS_NAT $ip_local_a $ip_remote
 343 check_ping_packets $SOCK_LOCAL_B $BUS_NAT $ip_local_b $ip_remote
331 344
332 # Setup an NAPT with npf 345 # Setup an NAPT with npf
333 build_npf_conf $npffile "$subnet_local/24" 346 build_npf_conf $npffile "$subnet_local/24"
334 347
335 export RUMP_SERVER=$SOCK_NAT 348 export RUMP_SERVER=$SOCK_NAT
336 atf_check -s exit:0 $HIJACKING_NPF npfctl reload $npffile 349 atf_check -s exit:0 $HIJACKING_NPF npfctl reload $npffile
337 atf_check -s exit:0 $HIJACKING_NPF npfctl start 350 atf_check -s exit:0 $HIJACKING_NPF npfctl start
338 $DEBUG && ${HIJACKING},"blanket=/dev/npf" npfctl show 351 $DEBUG && ${HIJACKING},"blanket=/dev/npf" npfctl show
339 352
340 # There is an NAPT. ping works but source IP/port are translated 353 # There is an NAPT. ping works but source IP/port are translated
341 check_ping_packets $SOCK_LOCAL $BUS_NAT $ip_nat_remote $ip_remote 354 check_ping_packets $SOCK_LOCAL_A $BUS_NAT $ip_nat_remote $ip_remote
 355 check_ping_packets $SOCK_LOCAL_B $BUS_NAT $ip_nat_remote $ip_remote
342 356
343 # Try TCP communications just in case 357 # Try TCP communications just in case
344 check_tcp_com_prepare $SOCK_REMOTE $SOCK_LOCAL $BUS_NAT \ 358 check_tcp_com_prepare $SOCK_REMOTE $SOCK_LOCAL_A $BUS_NAT \
 359 $ip_remote $ip_nat_remote $ip_remote
 360 check_tcp_com_prepare $SOCK_REMOTE $SOCK_LOCAL_B $BUS_NAT \
345 $ip_remote $ip_nat_remote $ip_remote 361 $ip_remote $ip_nat_remote $ip_remote
346 362
347 # Launch a nc server as a terminator of NAT-T on outside the NAPT 363 # Launch a nc server as a terminator of NAT-T on outside the NAPT
348 start_natt_terminator $SOCK_REMOTE $ip_remote 4500 364 start_natt_terminator $SOCK_REMOTE $ip_remote 4500
349 echo zzz > $file_send 365 echo zzz > $file_send
350 366
 367 #################### Test for primary ipsecif(4) NAT-T.
 368
 369 export RUMP_SERVER=$SOCK_LOCAL_A
 370 # Send a UDP packet to the remote server at port 4500 from the local
 371 # host of port 4500. This makes a mapping on the NAPT between them
 372 atf_check -s exit:0 $HIJACKING \
 373 nc -u -w 3 -p 4500 $ip_remote 4500 < $file_send
 374 # Launch a nc server as a terminator of NAT-T on inside the NAPT,
 375 # taking over port 4500 of the local host.
 376 start_natt_terminator $SOCK_LOCAL_A $ip_local_a 4500
 377
 378 # We need to keep the servers for NAT-T
 379
 380 export RUMP_SERVER=$SOCK_LOCAL_A
 381 $DEBUG && rump.netstat -na -f inet
 382 export RUMP_SERVER=$SOCK_REMOTE
 383 $DEBUG && rump.netstat -na -f inet
 384
 385 # Get a translated port number from 4500 on the NAPT
 386 export RUMP_SERVER=$SOCK_NAT
 387 $DEBUG && $HIJACKING_NPF npfctl list
 388 # 192.168.0.2:4500 10.0.0.2:4500 via shmif1:65248
 389 port_a=$($HIJACKING_NPF npfctl list | grep $ip_local_a | awk -F 'shmif1:' '/4500/ {print $2;}')
 390 $DEBUG && echo port_a=$port_a
 391 if [ -z "$port_a" ]; then
 392 atf_fail "Failed to get a traslated port on NAPT"
 393 fi
 394
 395 # Setup ESP-UDP ipsecif(4) for first client under NAPT
 396 setup_ipsecif $SOCK_LOCAL_A 0 $ip_local_a 4500 $ip_remote 4500 \
 397 $ip_local_ipsecif_a $ip_remote_ipsecif_a
 398 setup_ipsecif $SOCK_REMOTE 0 $ip_remote 4500 $ip_nat_remote $port_a \
 399 $ip_remote_ipsecif_a $ip_local_ipsecif_a
 400
 401 add_sa $SOCK_LOCAL_A "esp-udp" "$algo_args" \
 402 $ip_local_a 4500 $ip_remote 4500 10000 10001
 403 add_sa $SOCK_REMOTE "esp-udp" "$algo_args" \
 404 $ip_remote 4500 $ip_nat_remote $port_a 10001 10000
 405
 406 export RUMP_SERVER=$SOCK_LOCAL_A
 407 # ping should still work
 408 atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_remote
351 409
352 export RUMP_SERVER=$SOCK_LOCAL 410 # Try ping over the ESP-UDP ipsecif(4)
 411 check_ping_packets_over_ipsecif $SOCK_LOCAL_A $BUS_NAT \
 412 $ip_remote_ipsecif_a $ip_nat_remote $port_a $ip_remote 4500
 413
 414 # Try TCP communications over the ESP-UDP ipsecif(4)
 415 check_tcp_com_over_ipsecif $SOCK_REMOTE $SOCK_LOCAL_A $BUS_NAT \
 416 $ip_remote_ipsecif_a $ip_nat_remote $port_a $ip_remote 4500
 417
 418 #################### Test for secondary ipsecif(4) NAT-T.
 419
 420 export RUMP_SERVER=$SOCK_REMOTE
 421 $HIJACKING setkey -D
 422 $HIJACKING setkey -DP
 423
 424 export RUMP_SERVER=$SOCK_LOCAL_B
353 # Send a UDP packet to the remote server at port 4500 from the local 425 # Send a UDP packet to the remote server at port 4500 from the local
354 # host of port 4500. This makes a mapping on the NAPT between them 426 # host of port 4500. This makes a mapping on the NAPT between them
355 atf_check -s exit:0 $HIJACKING \ 427 atf_check -s exit:0 $HIJACKING \
356 nc -u -w 3 -p 4500 $ip_remote 4500 < $file_send 428 nc -u -w 3 -p 4500 $ip_remote 4500 < $file_send
357 # Launch a nc server as a terminator of NAT-T on inside the NAPT, 429 # Launch a nc server as a terminator of NAT-T on inside the NAPT,
358 # taking over port 4500 of the local host. 430 # taking over port 4500 of the local host.
359 start_natt_terminator $SOCK_LOCAL $ip_local 4500 431 start_natt_terminator $SOCK_LOCAL_B $ip_local_b 4500
360 432
361 # We need to keep the servers for NAT-T 433 # We need to keep the servers for NAT-T
362 434
363 export RUMP_SERVER=$SOCK_LOCAL 435 export RUMP_SERVER=$SOCK_LOCAL_B
364 $DEBUG && rump.netstat -na -f inet 436 $DEBUG && rump.netstat -na -f inet
365 export RUMP_SERVER=$SOCK_REMOTE 437 export RUMP_SERVER=$SOCK_REMOTE
366 $DEBUG && rump.netstat -na -f inet 438 $DEBUG && rump.netstat -na -f inet
367 439
368 # Get a translated port number from 4500 on the NAPT 440 # Get a translated port number from 4500 on the NAPT
369 export RUMP_SERVER=$SOCK_NAT 441 export RUMP_SERVER=$SOCK_NAT
370 $DEBUG && $HIJACKING_NPF npfctl list 442 $DEBUG && $HIJACKING_NPF npfctl list
371 # 192.168.0.2:4500 10.0.0.2:4500 via shmif1:65248 443 # 192.168.0.2:4500 10.0.0.2:4500 via shmif1:65248
372 port=$($HIJACKING_NPF npfctl list | grep $ip_local | awk -F 'shmif1:' '/4500/ {print $2;}') 444 port_b=$($HIJACKING_NPF npfctl list | grep $ip_local_b | awk -F 'shmif1:' '/4500/ {print $2;}')
373 $DEBUG && echo port=$port 445 $DEBUG && echo port_b=$port_b
374 if [ -z "$port" ]; then 446 if [ -z "$port_b" ]; then
375 atf_fail "Failed to get a traslated port on NAPT" 447 atf_fail "Failed to get a traslated port on NAPT"
376 fi 448 fi
377 449
378 # Setup ESP-UDP ipsecif(4) for first client under NAPT 450 # Setup ESP-UDP ipsecif(4) for first client under NAPT
379 setup_ipsecif $SOCK_LOCAL 0 $ip_local 4500 $ip_remote 4500 \ 451 setup_ipsecif $SOCK_LOCAL_B 0 $ip_local_b 4500 $ip_remote 4500 \
380 $ip_local_ipsecif $ip_remote_ipsecif 452 $ip_local_ipsecif_b $ip_remote_ipsecif_b
381 setup_ipsecif $SOCK_REMOTE 0 $ip_remote 4500 $ip_nat_remote $port \ 453 setup_ipsecif $SOCK_REMOTE 1 $ip_remote 4500 $ip_nat_remote $port_b \
382 $ip_remote_ipsecif $ip_local_ipsecif 454 $ip_remote_ipsecif_b $ip_local_ipsecif_b
 455
 456 check_ping_packets_over_ipsecif $SOCK_LOCAL_A $BUS_NAT \
 457 $ip_remote_ipsecif_a $ip_nat_remote $port_a $ip_remote 4500
383 458
384 add_sa $SOCK_LOCAL "esp-udp" "$algo_args" \ 459 add_sa $SOCK_LOCAL_B "esp-udp" "$algo_args" \
385 $ip_local 4500 $ip_remote 4500 10000 10001 460 $ip_local_b 4500 $ip_remote 4500 11000 11001
386 add_sa $SOCK_REMOTE "esp-udp" "$algo_args" \ 461 add_sa $SOCK_REMOTE "esp-udp" "$algo_args" \
387 $ip_remote 4500 $ip_nat_remote $port 10001 10000 462 $ip_remote 4500 $ip_nat_remote $port_b 11001 11000
388 463
389 export RUMP_SERVER=$SOCK_LOCAL 464 export RUMP_SERVER=$SOCK_LOCAL_B
390 # ping should still work 465 # ping should still work
391 atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_remote 466 atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_remote
392 467
393 # Try ping over the ESP-UDP ipsecif(4) 468 # Try ping over the ESP-UDP ipsecif(4)
394 check_ping_packets_over_ipsecif $SOCK_LOCAL $BUS_NAT \ 469 check_ping_packets_over_ipsecif $SOCK_LOCAL_B $BUS_NAT \
395 $ip_remote_ipsecif $ip_nat_remote $port $ip_remote 4500 470 $ip_remote_ipsecif_b $ip_nat_remote $port_b $ip_remote 4500
 471
396 472
397 # Try TCP communications over the ESP-UDP ipsecif(4) 473 # Try TCP communications over the ESP-UDP ipsecif(4)
398 check_tcp_com_over_ipsecif $SOCK_REMOTE $SOCK_LOCAL $BUS_NAT \ 474 check_tcp_com_over_ipsecif $SOCK_REMOTE $SOCK_LOCAL_B $BUS_NAT \
399 $ip_remote_ipsecif $ip_nat_remote $port $ip_remote 4500 475 $ip_remote_ipsecif_b $ip_nat_remote $port_b $ip_remote 4500
 476
 477 # Try ping over the ESP-UDP ipsecif(4) for primary again
 478 check_ping_packets_over_ipsecif $SOCK_LOCAL_A $BUS_NAT \
 479 $ip_remote_ipsecif_a $ip_nat_remote $port_a $ip_remote 4500
 480
 481 # Try TCP communications over the ESP-UDP ipsecif(4) for primary again
 482 check_tcp_com_over_ipsecif $SOCK_REMOTE $SOCK_LOCAL_A $BUS_NAT \
 483 $ip_remote_ipsecif_a $ip_nat_remote $port_a $ip_remote 4500
400 484
401 # Kill the NAT-T terminator 485 # Kill the NAT-T terminator
402 stop_natt_terminators 486 stop_natt_terminators
403} 487}
404 488
405add_test_ipsecif_natt_transport() 489add_test_ipsecif_natt_transport()
406{ 490{
407 local algo=$1 491 local algo=$1
408 local _algo=$(echo $algo | sed 's/-//g') 492 local _algo=$(echo $algo | sed 's/-//g')
409 local name= desc= 493 local name= desc=
410 494
411 desc="Test ipsecif(4) NAT-T ($algo)" 495 desc="Test ipsecif(4) NAT-T ($algo)"
412 name="ipsecif_natt_transport_${_algo}" 496 name="ipsecif_natt_transport_${_algo}"